package com.renhong.springbootshiro.shiro;

import java.util.LinkedHashMap;
import java.util.Map;

import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

import at.pollux.thymeleaf.shiro.dialect.ShiroDialect;

/*
 * shiro配置类
 */
@Configuration
public class ShiroConfig {
	/**
	 * 创建ShiroFilterFactoryBean
	 */
	@Bean
	public ShiroFilterFactoryBean getShiroFilterFactoryBean(
			@Qualifier("securityManager") DefaultWebSecurityManager securityManager) {
		ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
		// 设置安全管理器
		shiroFilterFactoryBean.setSecurityManager(securityManager);
		/**
		 * Shiro内置过滤器，可以实现权限相关拦截器 常用过滤器： anon：无需认证（登录）可以访问 authc：必须认证才可以访问
		 * user：如果用rememberMe的功能才可以直接访问 perms：该资源必须得到资源权限才可以访问
		 * role：该资源必须得到角色权限才可以访问
		 */
		Map<String, String> filterMap = new LinkedHashMap<String, String>();
		filterMap.put("/testThymeleaf", "anon");// 排除需要过滤的路径（这个要先写，不然不会生效），过滤过个,
		filterMap.put("/login", "anon");// 排除需要过滤的路径,登录的方法,

		// 授权过滤器 注意：当授权拦截后，shiro会跳转到未授权页面
		filterMap.put("/add", "perms[user:add]");// 得到资源权限才可以访问
		filterMap.put("/update", "perms[user:update]");// 得到资源权限才可以访问
		// 设置未授权跳转的路径
		shiroFilterFactoryBean.setUnauthorizedUrl("/noAuth");

		// filterMap.put("/add","authc");
		// filterMap.put("/update","authc");
		filterMap.put("/*", "authc");// 通配符方式，过滤所有

		// 权限验证失败，跳转的路径
		shiroFilterFactoryBean.setLoginUrl("/toLogin");
		shiroFilterFactoryBean.setFilterChainDefinitionMap(filterMap);
		return shiroFilterFactoryBean;
	}

	/**
	 * 创建DefaultWebSecurityManager
	 */

	@Bean("securityManager")
	public DefaultWebSecurityManager getDefaultWebSecurityManager(@Qualifier("userRealm") UserRealm realm) {
		DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
		securityManager.setRealm(realm);
		return securityManager;
	}

	/**
	 * 创建Realm
	 */
	@Bean("userRealm")
	public UserRealm getuRealm() {
		return new UserRealm();
	}

	/**
	 * 配置 ShiroDialect ，用于thymeleaf和 shiro标签配合使用
	 */
	@Bean
	public ShiroDialect getShiroDialect() {
		return new ShiroDialect();
	}

 
	
	
	
	/*下面两个开启支持注解权限*/
	@Bean
    @ConditionalOnMissingBean
    public DefaultAdvisorAutoProxyCreator defaultAdvisorAutoProxyCreator() {
        DefaultAdvisorAutoProxyCreator defaultAAP = new DefaultAdvisorAutoProxyCreator();
        defaultAAP.setProxyTargetClass(true);
        return defaultAAP;
    }
	
	@Bean
    public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(SecurityManager securityManager) {
        AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor
            = new AuthorizationAttributeSourceAdvisor();
        authorizationAttributeSourceAdvisor.setSecurityManager(securityManager);
        return authorizationAttributeSourceAdvisor;
    }

}
